token invalidation

travis fix

api/.travis.env

@@ -15,6 +15,7 @@ WEBSERVER_HOST=127.0.0.1
 WEBSERVER_PORT=8000
 
 AUTH_MODEL=App\Models\User
+AUTH_DRIVER=jwt
 
 DB_CONNECTION=pgsql
 DB_HOST=127.0.0.1

api/app/Http/Controllers/UserController.php

@@ -150,20 +150,16 @@ public function patchOne(Request $request, $id)
         $credentialUpdateDetails = $request->input('_user_credential', []);
         if (! empty($credentialUpdateDetails)) {
             // Invalidate token for the user when user changes their password
-            // no invalidation in current driver
-//            if ($this->jwtAuth->user()->user_id == $model->user_id) {
-//                $token = $this->jwtAuth->getTokenFromRequest();
-//                $this->jwtAuth->invalidate($token);
-//            }
+            if ($request->user()->user_id == $model->user_id) {
+                $this->auth->logout();
+            }
 
             $credentials = UserCredential::findOrNew($id);
             /* @var UserCredential $credentials */
             $credentials->fill($credentialUpdateDetails);
             $model->setCredential($credentials);
         }
 
-        $this->auth->login($model);
-
         return $this->getResponse()->header('Authorization-Update', $this->auth->generateToken($model))->noContent();
     }
 

api/src/Auth/Blacklist/Blacklist.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: ivanmatveev
+ * Date: 17.09.15
+ * Time: 20:27
+ */
+
+namespace Spira\Auth\Blacklist;
+
+
+use Carbon\Carbon;
+use Spira\Auth\Token\TokenExpiredException;
+
+class Blacklist
+{
+    private $key;
+    /**
+     * @var StorageInterface
+     */
+    private $driver;
+    private $exp;
+
+    /**
+     * @param StorageInterface $driver
+     * @param string $key key of the token id in the payload
+     * @param string|null $exp key of the exp inside payload
+     */
+    public function __construct(StorageInterface $driver, $key, $exp = null)
+    {
+        $this->key = $key;
+        $this->driver = $driver;
+        $this->exp = $exp;
+    }
+
+    /**
+     * @param $payload
+     * @return void
+     */
+    public function add($payload)
+    {
+        if ($this->exp && isset($payload[$this->exp])){
+            $exp = Carbon::createFromTimeStampUTC($payload['exp']);
+            if ($exp->isPast()) {
+                return;
+            }
+
+            $seconds = $exp->diffInSeconds(Carbon::now()->subSecond(10));
+
+            if (isset($payload[$this->key])){
+                $this->driver->add($payload[$this->key], $seconds);
+            }
+        }
+    }
+
+    /**
+     * Checks if token in a blacklist
+     * @param $payload
+     * @return bool
+     * @throw TokenExpiredException
+     */
+    public function check($payload)
+    {
+        if (isset($payload[$this->key]) && $this->driver->get($payload[$this->key])){
+            throw new TokenExpiredException;
+        }
+
+        return false;
+    }
+}

api/src/Auth/Blacklist/CacheDriver.php

@@ -0,0 +1,46 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: ivanmatveev
+ * Date: 17.09.15
+ * Time: 20:42
+ */
+
+namespace Spira\Auth\Blacklist;
+
+
+use Illuminate\Contracts\Cache\Repository;
+
+class CacheDriver implements StorageInterface
+{
+
+    /**
+     * @var Repository
+     */
+    private $cache;
+
+    public function __construct(Repository $cache)
+    {
+
+        $this->cache = $cache;
+    }
+
+    /**
+     * @param $id
+     * @param $seconds
+     * @return mixed
+     */
+    public function add($id, $seconds)
+    {
+        $this->cache->add($id,$id,ceil($seconds/60));
+    }
+
+    /**
+     * @param $id
+     * @return mixed
+     */
+    public function get($id)
+    {
+        return $this->cache->get($id);
+    }
+}

api/src/Auth/Blacklist/StorageInterface.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: ivanmatveev
+ * Date: 17.09.15
+ * Time: 20:29
+ */
+
+namespace Spira\Auth\Blacklist;
+
+
+interface StorageInterface
+{
+    /**
+     * @param $id
+     * @param $seconds
+     * @return mixed
+     */
+    public function add($id, $seconds);
+
+    /**
+     * @param $id
+     * @return mixed
+     */
+    public function get($id);
+}

api/src/Auth/Driver/Guard.php

@@ -8,22 +8,18 @@
  * For the full copyright and license information, please view the LICENSE file that was distributed with this source code.
  */
 
-/**
- * Created by PhpStorm.
- * User: ivanmatveev
- * Date: 11.09.15
- * Time: 13:55.
- */
 
 namespace Spira\Auth\Driver;
 
 use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\UserProvider;
 use Illuminate\Http\Request;
+use Spira\Auth\Blacklist\Blacklist;
 use Spira\Auth\Payload\PayloadFactory;
 use Spira\Auth\Payload\PayloadValidationFactory;
 use Spira\Auth\Token\JWTInterface;
 use Spira\Auth\Token\RequestParser;
+use Spira\Auth\Token\TokenExpiredException;
 use Spira\Contract\Exception\NotImplementedException;
 
 class Guard implements \Illuminate\Contracts\Auth\Guard
@@ -68,26 +64,33 @@ class Guard implements \Illuminate\Contracts\Auth\Guard
      * @var RequestParser
      */
     protected $requestParser;
+    /**
+     * @var Blacklist
+     */
+    protected $blacklist;
 
     /**
      * @param JWTInterface $tokenizer
      * @param PayloadFactory $payloadFactory
      * @param PayloadValidationFactory $validationFactory
      * @param UserProvider $provider
      * @param RequestParser $requestParser
+     * @param Blacklist $blacklist
      */
     public function __construct(
         JWTInterface $tokenizer,
         PayloadFactory $payloadFactory,
         PayloadValidationFactory $validationFactory,
         UserProvider $provider,
-        RequestParser $requestParser
+        RequestParser $requestParser,
+        Blacklist $blacklist
     ) {
         $this->payloadFactory = $payloadFactory;
         $this->provider = $provider;
         $this->tokenizer = $tokenizer;
         $this->validationFactory = $validationFactory;
         $this->requestParser = $requestParser;
+        $this->blacklist = $blacklist;
     }
 
     /**
@@ -153,10 +156,14 @@ public function token()
         return;
     }
 
+    /**
+     * @return Authenticatable|null
+     */
     public function getUserFromRequest()
     {
         $token = $this->getRequestParser()->getToken($this->getRequest());
         $payload = $this->getTokenizer()->decode($token);
+        $this->blacklist->check($payload);
         $this->getValidationFactory()->validatePayload($payload);
         $user = $this->getProvider()->retrieveByToken(null, $payload);
 
@@ -288,6 +295,9 @@ public function viaToken()
      */
     public function logout()
     {
+        if ($this->user){
+            $this->blacklist->add($this->payloadFactory->createFromUser($this->user));
+        }
         $this->user = false;
     }
 
@@ -375,4 +385,12 @@ public function getValidationFactory()
     {
         return $this->validationFactory;
     }
+
+    /**
+     * @return Blacklist
+     */
+    public function getBlacklist()
+    {
+        return $this->blacklist;
+    }
 }

api/src/Auth/Payload/PayloadValidationFactory.php

@@ -8,29 +8,33 @@
  * For the full copyright and license information, please view the LICENSE file that was distributed with this source code.
  */
 
-/**
- * Created by PhpStorm.
- * User: ivanmatveev
- * Date: 14.09.15
- * Time: 21:24.
- */
-
 namespace Spira\Auth\Payload;
 
 use Spira\Auth\Token\TokenInvalidException;
 
+/**
+ * Class PayloadValidationFactory
+ * @package Spira\Auth\Payload
+ */
 class PayloadValidationFactory
 {
     /**
      * @var array
      */
     protected $validationRules;
 
+    /**
+     * @param array $validationRules
+     */
     public function __construct(array $validationRules = [])
     {
         $this->validationRules = $validationRules;
     }
 
+    /**
+     * @param $name
+     * @param \Closure $function
+     */
     public function addValidationRule($name, \Closure $function)
     {
         $this->validationRules[$name] = $function;